
Hackers Hijacked Legitimate Chrome Extensions to Try to Steal Data
A cyberattack campaign has been found inserting malicious code into multiple Chrome browser extensions, with activity dating back as far as mid-December. The goal of the attack appears to be stealing browser cookies and authentication sessions, specifically targeting social media advertising and AI platforms.
According to a blog post from one of the affected companies, Cyberhaven, the attack is believed to have originated from a phishing email that compromised their data protection extension. The company said in a statement that an update of their extension (version 24.10.4) containing the malicious code was pushed on Christmas Eve at 8:32 PM ET. Cyberhaven did not discover the issue until December 25th at 6:54 PM ET, and removed the malicious update within an hour.
The affected extensions include not only Cyberhaven’s data loss prevention tool but also other popular VPN and AI-based applications. The extensions in question are Internxt VPN, VPNCity, Uvoice, and ParrotTalks, as reported by Bleeping Computer.
Security researcher Jaime Blasco has commented on the attack, stating that it seems to be a random phishing attempt rather than a targeted attack specifically aimed at Cyberhaven. The malicious code inserted into these extensions appears designed to steal browser cookies and authentication sessions, which could grant attackers access to sensitive information such as social media advertising data.
In response to the breach, Cyberhaven is advising affected companies to review their logs for suspicious activity and revoke or rotate any passwords not utilizing the FIDO2 multifactor authentication standard.
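Acting on that advice starts with knowing which machines carry an affected extension. The following Python code is an added example, not code from Cyberhaven or the article: it sweeps a Chrome profile's `Extensions` directory and flags installs matching the names and the version reported above. The function names, verdict labels, name-substring matching and the `<id>/<version>_0/manifest.json` layout are assumptions of this example.

```python
import json
from pathlib import Path

# Names and the version number come from the article. Matching on a lower-cased
# substring of the manifest name is an assumption of this example.
WATCHLIST = {
    "cyberhaven": {"24.10.4"},  # the one update reported as malicious
    "internxt vpn": None,       # no version given: flag any install for review
    "vpncity": None, "uvoice": None, "parrottalks": None,
}

def display_name(manifest, ext_dir):
    """Resolve the name, following a __MSG_key__ placeholder into _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        try:
            path = ext_dir / "_locales" / locale / "messages.json"
            msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        for key, entry in msgs.items():
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def scan_extensions(extensions_root):
    """Return sorted (extension_id, name, version, verdict) watchlist hits."""
    hits = []
    for path in Path(extensions_root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it, keep sweeping
        name, version = display_name(manifest, path.parent), str(manifest.get("version", ""))
        for needle, bad in WATCHLIST.items():
            if needle in name.lower():
                verdict = "review" if bad is None else ("malicious-version" if version in bad else "other-version")
                hits.append((path.parent.parent.name, name, version, verdict))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample input: fake extension IDs, one flagged, one clean."""
    for ext_id, ver, name in [("a" * 32, "24.10.4", "__MSG_appName__"), ("b" * 32, "1.0.0", "Some Other Extension")]:
        d = Path(root) / ext_id / f"{ver}_0"
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "version": ver, "default_locale": "en"}))
        (d / "_locales" / "en" / "messages.json").write_text(json.dumps({"appName": {"message": "Cyberhaven (constructed)"}}))
```

Point `scan_extensions` at each profile's `Extensions` directory under the Chrome user-data directory; a `malicious-version` hit marks a host whose sessions and credentials fall under the revoke-or-rotate advice.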
Source: http://www.theverge.com